/src/sudo/lib/util/strtonum.c

Source
/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2013-2015, 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <config.h>

#include <ctype.h>
#include <errno.h>

#include <sudo_compat.h>
#include <sudo_gettext.h>
#include <sudo_util.h>

enum strtonum_err {
    STN_INITIAL,
    STN_VALID,
    STN_INVALID,
    STN_TOOSMALL,
    STN_TOOBIG
};

/*
 * Convert a string to a number in the range [minval, maxval]
 * Unlike strtonum(), this returns the first non-digit in endp (if not NULL).
 */
long long
sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
    const char **errstrp)
{
    enum strtonum_err errval = STN_INITIAL;
    long long lastval, result = 0;
    const char *cp = str;
    int remainder;
    char ch, sign;

    if (minval > maxval) {
  errval = STN_INVALID;
  goto done;
    }

    /* Trim leading space and check sign, if any. */
    do {
  ch = *cp++;
    } while (isspace((unsigned char)ch));
    switch (ch) {
    case '-':
  sign = '-';
  ch = *cp++;
  break;
    case '+':
  ch = *cp++;
  FALLTHROUGH;
    default:
  sign = '+';
  break;
    }

    /*
     * To prevent overflow we determine the highest (or lowest in
     * the case of negative numbers) value result can have *before*
     * if its multiplied (divided) by 10 as well as the remainder.
     * If result matches this value and the next digit is larger than
     * the remainder, we know the result is out of range.
     * The remainder is always positive since it is compared against
     * an unsigned digit.
     */
    if (sign == '-') {
  lastval = minval / 10;
  remainder = -(int)(minval % 10);
  if (remainder < 0) {
      lastval += 1;
      remainder += 10;
  }
  for (;; ch = *cp++) {
      if (!isdigit((unsigned char)ch))
    break;
      ch -= '0';
      if (result < lastval || (result == lastval && ch > remainder)) {
    /* Skip remaining digits. */
    do {
        ch = *cp++;
    } while (isdigit((unsigned char)ch));
    errval = STN_TOOSMALL;
    break;
      } else {
    result *= 10;
    result -= ch;
    errval = STN_VALID;
      }
  }
  if (result > maxval)
      errval = STN_TOOBIG;
    } else {
  lastval = maxval / 10;
  remainder = (int)(maxval % 10);
  for (;; ch = *cp++) {
      if (!isdigit((unsigned char)ch))
    break;
      ch -= '0';
      if (result > lastval || (result == lastval && ch > remainder)) {
    /* Skip remaining digits. */
    do {
        ch = *cp++;
    } while (isdigit((unsigned char)ch));
    errval = STN_TOOBIG;
    break;
      } else {
    result *= 10;
    result += ch;
    errval = STN_VALID;
      }
  }
  if (result < minval)
      errval = STN_TOOSMALL;
    }

done:
    switch (errval) {
    case STN_INITIAL:
    case STN_VALID:
  if (errstrp != NULL)
      *errstrp = NULL;
  break;
    case STN_INVALID:
  result = 0;
  errno = EINVAL;
  if (errstrp != NULL)
      *errstrp = N_("invalid value");
  break;
    case STN_TOOSMALL:
  result = 0;
  errno = ERANGE;
  if (errstrp != NULL)
      *errstrp = N_("value too small");
  break;
    case STN_TOOBIG:
  result = 0;
  errno = ERANGE;
  if (errstrp != NULL)
      *errstrp = N_("value too large");
  break;
    }
    if (endp != NULL) {
  if (errval == STN_INITIAL || errval == STN_INVALID)
      *endp = (char *)str;
  else
      *endp = (char *)(cp - 1);
    }
    return result;
}

/*
 * Convert a string to a number in the range [minval, maxval]
 */
long long
sudo_strtonum(const char *str, long long minval, long long maxval,
    const char **errstrp)
{
    const char *errstr;
    char *ep;
    long long ret;

    ret = sudo_strtonumx(str, minval, maxval, &ep, &errstr);
    /* Check for empty string and terminating NUL. */
    if (str == ep || *ep != '\0') {
  errno = EINVAL;
  errstr = N_("invalid value");
  ret = 0;
    }
    if (errstrp != NULL)
  *errstrp = errstr;
    return ret;
}

Line	Count	Source
1		/*
2		* SPDX-License-Identifier: ISC
3		*
4		* Copyright (c) 2013-2015, 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
5		*
6		* Permission to use, copy, modify, and distribute this software for any
7		* purpose with or without fee is hereby granted, provided that the above
8		* copyright notice and this permission notice appear in all copies.
9		*
10		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17		*/
18
19		#include <config.h>
20
21		#include <ctype.h>
22		#include <errno.h>
23
24		#include <sudo_compat.h>
25		#include <sudo_gettext.h>
26		#include <sudo_util.h>
27
28		enum strtonum_err {
29		STN_INITIAL,
30		STN_VALID,
31		STN_INVALID,
32		STN_TOOSMALL,
33		STN_TOOBIG
34		};
35
36		/*
37		* Convert a string to a number in the range [minval, maxval]
38		* Unlike strtonum(), this returns the first non-digit in endp (if not NULL).
39		*/
40		long long
41		sudo_strtonumx(const char str, long long minval, long long maxval, char *endp,
42		const char **errstrp)
43	729k	{
44	729k	enum strtonum_err errval = STN_INITIAL;
45	729k	long long lastval, result = 0;
46	729k	const char *cp = str;
47	729k	int remainder;
48	729k	char ch, sign;
49
50	729k	if (minval > maxval) {
51	0	errval = STN_INVALID;
52	0	goto done;
53	0	}
54
55		/* Trim leading space and check sign, if any. */
56	730k	do {
57	730k	ch = *cp++;
58	730k	} while (isspace((unsigned char)ch));
59	729k	switch (ch) {
60	5.76k	case '-':
61	5.76k	sign = '-';
62	5.76k	ch = *cp++;
63	5.76k	break;
64	1.11k	case '+':
65	1.11k	ch = *cp++;
66	1.11k	FALLTHROUGH;
67	723k	default:
68	723k	sign = '+';
69	723k	break;
70	729k	}
71
72		/*
73		* To prevent overflow we determine the highest (or lowest in
74		* the case of negative numbers) value result can have before
75		* if its multiplied (divided) by 10 as well as the remainder.
76		* If result matches this value and the next digit is larger than
77		* the remainder, we know the result is out of range.
78		* The remainder is always positive since it is compared against
79		* an unsigned digit.
80		*/
81	729k	if (sign == '-') {
82	5.76k	lastval = minval / 10;
83	5.76k	remainder = -(int)(minval % 10);
84	5.76k	if (remainder < 0) {
85	422	lastval += 1;
86	422	remainder += 10;
87	422	}
88	35.1k	for (;; ch = *cp++) {
89	35.1k	if (!isdigit((unsigned char)ch))
90	5.25k	break;
91	29.9k	ch -= '0';
92	29.9k	if (result < lastval \|\| (result == lastval && ch > remainder)) {
93		/* Skip remaining digits. */
94	1.95M	do {
95	1.95M	ch = *cp++;
96	1.95M	} while (isdigit((unsigned char)ch));
97	506	errval = STN_TOOSMALL;
98	506	break;
99	29.4k	} else {
100	29.4k	result *= 10;
101	29.4k	result -= ch;
102	29.4k	errval = STN_VALID;
103	29.4k	}
104	29.9k	}
105	5.76k	if (result > maxval)
106	0	errval = STN_TOOBIG;
107	723k	} else {
108	723k	lastval = maxval / 10;
109	723k	remainder = (int)(maxval % 10);
110	1.95M	for (;; ch = *cp++) {
111	1.95M	if (!isdigit((unsigned char)ch))
112	722k	break;
113	1.22M	ch -= '0';
114	1.22M	if (result > lastval \|\| (result == lastval && ch > remainder)) {
115		/* Skip remaining digits. */
116	2.11M	do {
117	2.11M	ch = *cp++;
118	2.11M	} while (isdigit((unsigned char)ch));
119	1.30k	errval = STN_TOOBIG;
120	1.30k	break;
121	1.22M	} else {
122	1.22M	result *= 10;
123	1.22M	result += ch;
124	1.22M	errval = STN_VALID;
125	1.22M	}
126	1.22M	}
127	723k	if (result < minval)
128	335	errval = STN_TOOSMALL;
129	723k	}
130
131	729k	done:
132	729k	switch (errval) {
133	1.51k	case STN_INITIAL:
134	727k	case STN_VALID:
135	727k	if (errstrp != NULL)
136	727k	*errstrp = NULL;
137	727k	break;
138	0	case STN_INVALID:
139	0	result = 0;
140	0	errno = EINVAL;
141	0	if (errstrp != NULL)
142	0	*errstrp = N_("invalid value");
143	0	break;
144	841	case STN_TOOSMALL:
145	841	result = 0;
146	841	errno = ERANGE;
147	841	if (errstrp != NULL)
148	841	*errstrp = N_("value too small");
149	841	break;
150	1.30k	case STN_TOOBIG:
151	1.30k	result = 0;
152	1.30k	errno = ERANGE;
153	1.30k	if (errstrp != NULL)
154	1.30k	*errstrp = N_("value too large");
155	1.30k	break;
156	729k	}
157	729k	if (endp != NULL) {
158	729k	if (errval == STN_INITIAL \|\| errval == STN_INVALID)
159	1.51k	endp = (char )str;
160	727k	else
161	727k	endp = (char )(cp - 1);
162	729k	}
163	729k	return result;
164	729k	}
165
166		/*
167		* Convert a string to a number in the range [minval, maxval]
168		*/
169		long long
170		sudo_strtonum(const char *str, long long minval, long long maxval,
171		const char **errstrp)
172	76.6k	{
173	76.6k	const char *errstr;
174	76.6k	char *ep;
175	76.6k	long long ret;
176
177	76.6k	ret = sudo_strtonumx(str, minval, maxval, &ep, &errstr);
178		/* Check for empty string and terminating NUL. */
179	76.6k	if (str == ep \|\| *ep != '\0') {
180	1.67k	errno = EINVAL;
181	1.67k	errstr = N_("invalid value");
182	1.67k	ret = 0;
183	1.67k	}
184	76.6k	if (errstrp != NULL)
185	74.9k	*errstrp = errstr;
186	76.6k	return ret;
187	76.6k	}

Coverage Report

Created: 2025-10-10 07:09